Latest CVE Feed
-
6.8
MEDIUMCVE-2025-32063
There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disable... Read more
Affected Products :- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.... Read more
Affected Products : garoon- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-57796
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encr... Read more
Affected Products : blue- Published: Jan. 28, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cryptography
-
6.8
MEDIUMCVE-2026-1232
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections,... Read more
Affected Products : privilege_management_for_windows- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-22228
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unre... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2026-24784
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would ru... Read more
Affected Products : dotnetnuke- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2026-20982
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its... Read more
Affected Products : icinga- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-1301
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-31990
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unrespon... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2026-22220
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent a... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-7708
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this d... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesy... Read more
Affected Products : miniserve- Published: Jan. 23, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
6.8
MEDIUMCVE-2026-21944
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged at... Read more
Affected Products : agile_product_lifecycle_management_for_process- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.8
MEDIUMCVE-2026-23626
Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the... Read more
Affected Products : kimai- Published: Jan. 18, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2025-71176
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vuln... Read more
Affected Products : tendenci- Published: Jan. 22, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-14973
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-27379
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected c... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting